chore(deps): bump the dependencies group across 1 directory with 7 updates #1866

Closed


@dependabot dependabot bot commented on behalf of github Aug 26, 2024

Updates the requirements on org-ruby, creole, rexml, activesupport, minitest, sanitize and nokogiri to permit the latest version.
Updates org-ruby from 0.9.9 to 0.9.12

Changelog

Sourced from org-ruby's changelog.

-- mode: org; mode: auto-fill; --

#+title: Changelog #+startup: showeverything

  • 0.9.10 / 2014-12-09
  • Add option to disable Rubypants
Commits

Updates creole from 0.3.8 to 0.5.0

Changelog

Sourced from creole's changelog.

0.5.0

  • Remove methods make_*_anchor
  • Add method make_headline
  • Parse tags inside link text
Commits

Updates rexml from 3.3.3 to 3.3.6

Release notes

Sourced from rexml's releases.

REXML 3.3.6 - 2024-08-22

Improvements

  • Removed duplicated entity expansions for performance.

    • GH-194
    • Patch by Viktor Ivarsson.
  • Improved namespace conflicted attribute check performance. It was too slow for deep elements.

    • Reported by l33thaxor.

Fixes

  • Fixed a bug that default entity expansions are counted for security check. Default entity expansions should not be counted because they don't have a security risk.

  • Fixed a parser bug that parameter entity references in internal subsets are expanded. It's not allowed in the XML specification.

  • Fixed a stream parser bug that user-defined entity references in text aren't expanded.

Thanks

  • Viktor Ivarsson

  • NAITOH Jun

  • l33thaxor

REXML 3.3.5 - 2024-08-12

Fixes

  • Fixed a bug that REXML::Security.entity_expansion_text_limit check has wrong text size calculation in SAX and pull parsers.
    • GH-193
    • GH-195
    • Reported by Viktor Ivarsson.
    • Patch by NAITOH Jun.

... (truncated)

Changelog

Sourced from rexml's changelog.

3.3.6 - 2024-08-22 {#version-3-3-6}

Improvements

  • Removed duplicated entity expansions for performance.

    • GH-194
    • Patch by Viktor Ivarsson.
  • Improved namespace conflicted attribute check performance. It was too slow for deep elements.

    • Reported by l33thaxor.

Fixes

  • Fixed a bug that default entity expansions are counted for security check. Default entity expansions should not be counted because they don't have a security risk.

  • Fixed a parser bug that parameter entity references in internal subsets are expanded. It's not allowed in the XML specification.

  • Fixed a stream parser bug that user-defined entity references in text aren't expanded.

Thanks

  • Viktor Ivarsson

  • NAITOH Jun

  • l33thaxor

3.3.5 - 2024-08-12 {#version-3-3-5}

Fixes

  • Fixed a bug that REXML::Security.entity_expansion_text_limit check has wrong text size calculation in SAX and pull parsers.
    • GH-193
    • GH-195
    • Reported by Viktor Ivarsson.
    • Patch by NAITOH Jun.

... (truncated)

Commits
  • 95871f3 Add 3.3.6 entry
  • 7cb5eae parser tree: improve namespace conflicted attribute check performance
  • 6109e01 Fix a bug that Stream parser doesn't expand the user-defined entity reference...
  • cb15858 parser: keep the current namespaces instead of stack of Set
  • 2b47b16 parser: move duplicated end tag check to BaseParser
  • 35e1681 test tree-parser: move common method to base class
  • 6e00a14 test: fix indent
  • df3a0cc test: fix indent
  • fdbffe7 Use loop instead of recursive call for Element#namespace
  • 6422fa3 Use loop instead of recursive call for Element#root
  • Additional commits viewable in compare view

Updates activesupport from 7.1.3.4 to 7.1.4

Release notes

Sourced from activesupport's releases.

7.1.4

Active Support

  • Improve compatibility for ActiveSupport::BroadcastLogger.

    Máximo Mussini

  • Pass options along to write_entry in handle_expired_entry method.

    Graham Cooper

  • Fix Active Support configurations deprecations.

    fatkodima

  • Fix teardown callbacks.

    Tristan Starck

  • BacktraceCleaner silence core internal methods by default.

    Jean Boussier

  • Fix delegate_missing_to allow_nil: true when called with implicit self

    class Person
      delegate_missing_to :address, allow_nil: true

      def address
        nil
      end

      def berliner?
        city == "Berlin"
      end
    end

    Person.new.city # => nil
    Person.new.berliner? # undefined local variable or method `city' for an instance of Person (NameError)

    Jean Boussier

  • Work around a Ruby bug that can cause a VM crash.

    This would happen if using TaggerLogger with a Proc formatter on which you called object_id.

... (truncated)

Commits
  • 6f57590 Preparing for 7.1.4 release
  • 63fe89d Sync changelog
  • 128b5b0 Merge pull request #52631 from zenspider/zenspider/minitest-cleanup
  • dbc560d Merge pull request #52609 from rails/rm-minitest
  • 5141c14 Fix delegate_missing_to allow_nil: true when called with implict self
  • a2a12fc Fix a performance regression in attribute methods
  • aa418a0 Merge pull request #52099 from justinko/issue-52089
  • eedbe69 Merge branch '7-1-sec' into 7-1-stable
  • e2d8ca8 Update Method#duplicable? to be consistent with Ruby 3.4
  • 8dd08eb Merge pull request #51939 from ElMassimo/fix-broadcast-logger-compatibility
  • Additional commits viewable in compare view

Updates minitest from 5.23.1 to 5.25.1

Changelog

Sourced from minitest's changelog.

=== 5.25.1 / 2024-08-16

  • 2 bug fixes:

    • Fix incompatibility caused by minitest-hooks & rails invading minitest internals.
    • Revert change from =~ to match? to allow for nil if $TERM undefined.

=== 5.25.0 / 2024-08-13

  • 2 minor enhancements:

    • Fixed some inefficiencies filtering and matching (mostly backtraces).
    • Refactored siginfo handler to reduce runtime costs. Saved ~30%!
  • 5 bug fixes:

    • Added missing rdoc to get back to 100% coverage.
    • Cleaning up ancient code checking for defined?(Encoding) and the like.
    • Disambiguated some shadowed variables in minitest/compress.
    • Fixed an ironic bug if using string-literals AND Werror.
    • Improve description of test:slow task. (stomar)

=== 5.24.1 / 2024-06-29

  • 1 bug fix:

    • Fix the error message when an extension is invalid value. (y-yagi)

=== 5.24.0 / 2024-06-18

  • 2 minor enhancements:

    • Added Minitest.register_plugin.
    • Extended plugin system to work with modules/classes for opt-out plugins.
  • 1 bug fix:

    • Removed anachronism, but allow load_plugins to exit gracefully if --disable=gems.
Commits
  • 6d83843 prepped for release
  • 0ccdc80 - Fix incompatibility caused by minitest-hooks & rails invading minitest inte...
  • 9e7c58d - Revert change from =~ to match? to allow for nil if $TERM undefined.
  • 393e334 prepped for release
  • 8cd3b1c + Refactored siginfo handler to reduce runtime costs. Saved ~30%!
  • bd96499 normalized all actual/expected var names for assert_equal tests
  • 4fe69b1 Accept colon style Hash#inspect in test. (tompng)
  • 296269c - Improve description of test:slow task. (stomar)
  • 1156b6c - Cleaning up ancient code checking for defined?(Encoding) and the like.
  • 2bd62c5 Minor fix to make deprecation tests pass when using rake testW0
  • Additional commits viewable in compare view

Updates sanitize from 6.1.1 to 6.1.3

Release notes

Sourced from sanitize's releases.

v6.1.3

Bug Fixes

  • The CSS URL protocol allowlist is now enforced on the nonstandard -webkit-image-set CSS function. [@ltk - #242]

v6.1.2

Bug Fixes

Changelog

Sourced from sanitize's changelog.

6.1.3 (2024-08-14)

Bug Fixes

  • The CSS URL protocol allowlist is now enforced on the nonstandard -webkit-image-set CSS function. [@ltk - #242]

6.1.2 (2024-07-27)

Bug Fixes

Commits
  • b0ec1d6 Release 6.1.3
  • caa94cb Update history for 6.1.3
  • c168413 Avoid repeating the list of CSS image functions
  • a5d93bb Add protocol allowlisting for -webkit-image-set CSS function
  • a98ac98 Release 6.1.2
  • 9148cb0 Update history for 6.1.2
  • 4478fa5 Enforce protocol allowlisting for image and image-set CSS funcs
  • See full diff in compare view

Updates nokogiri from 1.16.6 to 1.16.7

Release notes

Sourced from nokogiri's releases.

v1.16.7 / 2024-07-27

Dependencies

  • [CRuby] Vendored libxml2 is updated to v2.12.9, which the upstream release notes state is a security release to address CVE-2024-40896. Nokogiri's maintainers believe this vulnerability does not affect users of Nokogiri, but we advise upgrading at your earliest convenience anyway.

sha256 checksums:

Changelog

Sourced from nokogiri's changelog.

v1.16.7 / 2024-07-27

Dependencies

  • [CRuby] Vendored libxml2 is updated to v2.12.9, which the upstream release notes state is a security release to address CVE-2024-40896. Nokogiri's maintainers believe this vulnerability does not affect users of Nokogiri, but we advise upgrading at your earliest convenience anyway.
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



…dates

Updates the requirements on [org-ruby](https://github.com/wallyqs/org-ruby), [creole](https://github.com/minad/creole), [rexml](https://github.com/ruby/rexml), [activesupport](https://github.com/rails/rails), [minitest](https://github.com/minitest/minitest), [sanitize](https://github.com/rgrove/sanitize) and [nokogiri](https://github.com/sparklemotion/nokogiri) to permit the latest version.

Updates `org-ruby` from 0.9.9 to 0.9.12
- [Changelog](https://github.com/wallyqs/org-ruby/blob/master/History.org)
- [Commits](wallyqs/org-ruby@version-0.9.9...version-0.9.12)

Updates `creole` from 0.3.8 to 0.5.0
- [Changelog](https://github.com/minad/creole/blob/master/CHANGES)
- [Commits](minad/creole@0.3.8...v0.5.0)

Updates `rexml` from 3.3.3 to 3.3.6
- [Release notes](https://github.com/ruby/rexml/releases)
- [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md)
- [Commits](ruby/rexml@v3.3.3...v3.3.6)

Updates `activesupport` from 7.1.3.4 to 7.1.4
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v7.2.1/activesupport/CHANGELOG.md)
- [Commits](rails/rails@v7.1.3.4...v7.1.4)

Updates `minitest` from 5.23.1 to 5.25.1
- [Changelog](https://github.com/minitest/minitest/blob/master/History.rdoc)
- [Commits](minitest/minitest@v5.23.1...v5.25.1)

Updates `sanitize` from 6.1.1 to 6.1.3
- [Release notes](https://github.com/rgrove/sanitize/releases)
- [Changelog](https://github.com/rgrove/sanitize/blob/main/HISTORY.md)
- [Commits](rgrove/sanitize@v6.1.1...v6.1.3)

Updates `nokogiri` from 1.16.6 to 1.16.7
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.16.6...v1.16.7)

---
updated-dependencies:
- dependency-name: org-ruby
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: creole
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: rexml
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: activesupport
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: minitest
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: sanitize
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: nokogiri
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added ospo-dependency-license-alert Issue created by dependency license check ruby Pull requests that update Ruby code labels Aug 26, 2024

dependabot bot commented on behalf of github Sep 2, 2024

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Sep 2, 2024
@dependabot dependabot bot deleted the dependabot/bundler/dependencies-ec20a5f540 branch September 2, 2024 16:35